What the Equifax Breach Can Teach Us About Protecting Your Data

A day doesn’t go by where I haven’t received an alert from my national database of medical providers saying that another U.S. hospital or physician’s office was affected by a data theft. These breaches often take months to discover and years to fix. The costs of making their IT systems and the victims whole again will affect them for even longer.

The Equifax data breach sounds very similar to what I hear from healthcare IT directors who have had to endure a similar experience. It’s quite common in the medical community to hear about cyber terrorists stealing data such as patients’ past surgical histories, the lists of medications they are prescribed, their images from MRIs and CT scans, and even their BMI (Body Mass Index). The Equifax hack was no less personal: social security numbers, banking history, and even driver’s license numbers.

The Equifax security breach is still unfolding but here’s what we know:

They didn’t discover the breach for 75 days and didn’t notify the public for another 41,

The website they suggested we use to determine if we were affected was not registered to Equifax, had a flawed TLS implementation, and ran on free blogging software deemed unsuitable for high-security applications,

Three of their senior executives sold $1.8 million worth of shares in the days after the breach was discovered and long before they alerted the public,

Now is a good time to sign up for credit monitoring services or a credit freeze,

Change your banking passwords.

Were you affected? I was. Most of my friends were, and my spouse was. My sister is checking her three-year-old’s social security number for the breach, and all I can say is this: it is emotional for 143 million people, it feels personal to each and every one of them, and I hope this spurs the change we need in security for both the public and private sectors. A breach of this magnitude has the ability to severely hinder the credit rating and purchasing ability of a great many people.

Healthcare Data and Hackers

To mitigate the very real threat of security breaches, data loss and ransomware attacks, businesses of every size must do their due diligence and implement a level of security that best protects their invaluable data. For example, a 1,000-bed hospital system has the same chance of having its vital data compromised as does a 10-seat pediatrician’s office. The amount of data stolen and the ransom they are required to pay will vary, but the same outcome occurs: a patient feels violated and the practice is scrambling to recover and repair. Regardless of the size of the business, these incidents occur equally frequently, because while a small practice may have weaker security defenses in place, a hospital may have more valuable data.

Beyond the cost of recovery and upfront damages lies the loss of customer and public trust, personnel fallout, and the fines and penalties levied as a result of legal settlements for those affected. While insurance may cover this loss for the corporation, it could negatively affect insurance premiums or coverage in the future.

Cybersecurity can be a tough undertaking for an IT department of any size, given the number of angles from which a business can be attacked. This cyber hurricane encompasses not only the threat of attack via every computer, server and switch in your office, but also attacks on tablets, mobile phones and passwords. Below is a word cloud showing many of the things to consider when assessing your security structure.

Now What?

With countless applications and forward-facing systems, the hackers’ jobs have become easier and much more lucrative. Even though it is widely known that gaining entry into a system has become easier, there are still people failing to properly set up even the first line of defense: the password. The two most common passwords discovered after one famous security breach a few years ago were “password” and “123456.” While we hope that your employees choose a more difficult password and refrain from opening an email that launches a Trojan onto your systems, very few companies adhere to a strict set of safety protocols which constantly survey and defend the network.

Developing an action plan with specific, assignable roles for addressing a known breach, layering security measures, and segregating internal data have proven to be the most effective components of threat and cost reduction. One key to reducing vulnerability will continue to be tight infrastructure management, including ongoing security updates and patching for firewalls, routers, and hardware, as well as the widespread and consistent use of encryption.

The True North Way

True North ITG is prepared to handle those threats which keep you up at night. Time and energy spent attempting to control the outside menace of ransomware dangers, identity threats, and network hackers can amount to hours taken away from running and operating your core business. True North ITG’s experienced Healthcare IT Consultants are equipped to handle these and any other pressures your organization faces.

The Benefits of Cloud Computing in Healthcare

What we understand better than most is that the pediatrician’s office deserves the same peace of mind as the world’s largest hospital group. No matter the size or nature of your business, your information is stored as securely as we store our own. The True North Way always includes a security audit to determine that the best possible protection measures are in place. If they do not currently exist, we work with you to establish a newly formed set of standards.

Besides the overall Business Continuity & Disaster Recovery plan and Anti-Virus/Anti-Malware solutions, two key IT security solutions to help protect your business are Mobile Device Management (MDM) and Web Filtering. Both of these solutions are fairly inexpensive and can end up saving you tens of thousands of dollars if your network is down for several days. An even more advanced solution providing additional network security that can pay huge dividends is network segmentation. Aligning your network by department, say, can mean that if one part of the network falls victim to cybercrime, the others are still perfectly safe.

Training and assisting staff with email and internet best practices is one of the areas most companies overlook. When employees are allowed to bring their own devices or reuse a single password across multiple systems, this leads to increased risk. We can assist the organization with annual training for staff on making wise decisions about internet usage and on avoiding spear phishing bait; we then document the training in a way that adheres to your compliance protocols.

Much more than an IT support company, True North places a focus on giving your company a secure foundation to run seamlessly AND the competitive edge to meet and exceed your goals. Ultimately, we augment your organization’s systems to run in a way that gives all staff and executives peace of mind, while maintaining the control you desire to effectively run your business.